Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 2251239 - Contradicting statements for the IPv6 single-stack deployment of Satellite 6 with IPv4 Proxy.
Summary: Contradicting statements for the IPv6 single-stack deployment of Satellite 6 ...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Installation
Version: 6.14.0
Hardware: All
OS: All
unspecified
high
Target Milestone: Unspecified
Assignee: Malhar Jivrajani
QA Contact: Satellite QE Team
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2023-11-23 15:02 UTC by Sayan Das
Modified: 2024-01-04 11:11 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2024-01-04 11:11:22 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker SAT-21476 0 None None None 2023-11-23 15:04:10 UTC

Description Sayan Das 2023-11-23 15:02:13 UTC 
Document URL: 

https://access.redhat.com/documentation/en-us/red_hat_satellite/6.14/html/installing_satellite_server_in_a_connected_network_environment/preparing-environment-for-installation-in-ipv6-network_satellite#doc-wrapper

( Same for 6.13 and below )


Section Number and Name: 

Chapter 2. Preparing your Environment for Satellite Installation in an IPv6 Network


Describe the issue: 

2.1. Limitations of Satellite Installation in an IPv6 Network

You can install Satellite and Capsules in IPv6-only systems, dual-stack installation is not supported.

2.2. Requirements for Satellite Installation in an IPv6 Network

You must deploy an external IPv4 HTTP proxy server. This is required because Red Hat Content Delivery Network distributes content only over IPv4 networks, therefore you must use this proxy to pull content into the Satellite on your IPv6 network.

You must configure Satellite to use this IPv4 HTTP proxy server as the default proxy. For more information, see Adding a Default HTTP Proxy to Satellite.


So, We are recommending 

IPv6-only Sat -> IPv4-only Proxy -> IPv4 cdn

This is not possible unless there is some sort of special 6 to 4 address conversion ( NAT64 + DNS64 ) happening between Satellite and Proxy.



Suggestions for improvement: 

One way would be to have the Proxy server deployed on Dual-Stack and working with both IPv4 and IPv6 but I don't know how QE has tested this or if this is easy to configure or not.

If that is possible then , The proxy should accept the connection from Satellite using IPv6 connection and initiate the communication to CDN with IPv4 connection.


Additional information: 

Please reach out to Foreman\Katello team and get some clarifications about these two statements we mention. It seems we are missing something there to inform to our end-users.
Comment 5 Malhar Jivrajani 2023-11-24 14:22:56 UTC 
Link to the PR: https://github.com/theforeman/foreman-documentation/pull/2608
Comment 6 Sayan Das 2023-11-29 15:21:11 UTC 
There is something else I wanted to mention as well. 

Based on https://bugzilla.redhat.com/show_bug.cgi?id=1499238 , sub-man itself does not accept the IPv6 IP for a proxy server.

Based on the testing from the customer, the same is true for the proxy_hostname parameter as well

# cat /etc/rhsm/rhsm.conf | grep proxy_
proxy_hostname =
proxy_scheme = http
proxy_port =
proxy_user =
proxy_password =

JFYI error:

# subscription-manager repos --disable "*"
Proxy error: unable to connect to [24??:??00: Name or service not known (error code -2)   ## masked some info


So assuming that is true, and the Proxy is dual-stack, Should they need to use the proxy FQDN in rhsm.conf, and that FQDN should resolv to the IPv6 proxy?
Comment 7 Sayan Das 2023-11-30 08:56:36 UTC 
Conclusion of my discussion with QE team:

* Satellite should be on IPv6 and the DNS resolution should work properly here. 

* Proxy should be on dual-stack i.e. IPv4 and IPv6. 

   --> The Proxy FQDN needs to be resolving to IPv6 IP i.e. an AAAA record is needed and preferred. 

* In the rhsm.conf of satellite, the proxy_hostname field should be using the FQDN of proxy server but not the IPv6 IP. If AAAA record for Proxy IPv6 is not present, Then add the IPV6 ip and FQDN of proxy in /etc/hosts of satellite


Satellite and proxy is expected to talk to each other over IPv6 

Proxy is expected to talk to CDN and RHSM over IPv4
Comment 8 Malhar Jivrajani 2024-01-04 11:11:22 UTC 
Link to the updated and published documents: https://access.redhat.com/documentation/en-us/red_hat_satellite/6.14/html/installing_satellite_server_in_a_connected_network_environment/preparing-environment-for-installation-in-ipv6-network_satellite#requirements-for-installation-in-an-ipv6-network_satellite
Note You need to log in before you can comment on or make changes to this bug.